
How To Install OpenVPN on CentOS 8

Today we are going to learn how to install OpenVPN on CentOS 8. First, a short introduction. A VPN (Virtual Private Network) is a technology that lets you create a secure network over the Internet. It lets you encrypt your internet traffic and shield your online identity. It is generally used to connect business networks securely over the Internet and allows you to connect to an enterprise network from anywhere.

In simple terms, a VPN connects your phone, computer or tablet to another computer (a server) over the Internet and lets you access the Internet through it.
You connect using that server's internet connection and can also reach the local network remotely, bypassing Internet censorship. A VPN has many other advantages; you can look them up to learn more.
So, today we will learn how to install a VPN on a CentOS 8 system to stay secure and browse securely. Just follow the steps below for an easy installation.

Step 1: Update your system

As usual, update your system by running

sudo yum update && sudo yum upgrade

Step 2: Disable SELinux

After updating the system, don't forget to disable SELinux before proceeding. Open the file /etc/selinux/config and then change the following line to disable SELinux

sudo nano /etc/selinux/config

Then save the file & exit.

Step 3: Enable IP Forwarding

Now enable IP forwarding in CentOS 8. It allows the server to accept incoming packets and forward them when the destination is on another network.

To enable IP forwarding, type

sudo nano /etc/sysctl.conf

Then add the following line

net.ipv4.ip_forward = 1

After that, save the file & exit.

Step 4: Installing OpenVPN Server

If you have already installed the EPEL repository on your system, skip the first command below. If you don't have it, install it with

sudo dnf install epel-release -y

After that, run the command to install the OpenVPN server

sudo dnf install openvpn -y

When the installation has finished, switch to the /etc/openvpn directory and download easy-rsa, which is used to manage the certificates.

cd /etc/openvpn
sudo wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.6/EasyRSA-unix-v3.0.6.tgz

Then extract the downloaded package.

sudo tar -xvzf EasyRSA-unix-v3.0.6.tgz

And move the resulting

sudo mv EasyRSA-v3.0.6 easy-rsa

Step 5: Configuring Easy RSA

For security reasons we have to add SSL certificates, so configure Easy RSA on the system.

Switch to the /etc/openvpn/easy-rsa directory & create a new file

cd /etc/openvpn/easy-rsa
sudo nano vars

Then paste the below content into the file

set_var EASYRSA "$PWD"
set_var EASYRSA_PKI "$EASYRSA/pki"
set_var EASYRSA_DN "cn_only"
set_var EASYRSA_REQ_EMAIL "admin@osradar.com"
set_var EASYRSA_REQ_OU "osradar EASY CA"
set_var EASYRSA_KEY_SIZE 2048
set_var EASYRSA_ALGO rsa
set_var EASYRSA_CA_EXPIRE 7500
set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types"
set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf"
set_var EASYRSA_DIGEST "sha256"

Note: Replace the country, province, city & email address with yours.

Save the file & exit.

After that, run the command to initialize the PKI directory.

./easyrsa init-pki


[Screenshot: output of the command above]

Now, build the CA certificates

sudo ./easyrsa build-ca



Note: Running the above command gives you two files, ca.key and ca.crt. You can use them while logging in to the server and clients.

Step 6: Generating Server Certificate Files

Now, run the command to generate the key-pair & certificate request.

sudo ./easyrsa gen-req osradar-server nopass


[Screenshot: sample output of the command above]

Step 7: Sign the Server Key Using CA

Now, sign the osradar-server key with the help of your CA certificate.

To do this, just run the command

sudo ./easyrsa sign-req server osradar-server


[Screenshot: output of the command above]

openssl verify -CAfile pki/ca.crt pki/issued/osradar-server.crt 

You'll see similar output upon successful configuration.

pki/issued/osradar-server.crt: OK

Now, generate the Diffie-Hellman parameters used for key exchange

sudo ./easyrsa gen-dh



Once you have finished all of these, copy the files to the /etc/openvpn/server/ directory

cp pki/ca.crt /etc/openvpn/server/
cp pki/dh.pem /etc/openvpn/server/
cp pki/private/osradar-server.key /etc/openvpn/server/
cp pki/issued/osradar-server.crt /etc/openvpn/server/

Step 8: Generating Client Certificate & Key File

Generate the client key file using

sudo ./easyrsa gen-req client nopass



Now, sign the client key with the help of your CA certificate

sudo ./easyrsa sign-req client client



After finishing these steps, copy the files to the /etc/openvpn/client/ directory

cp pki/ca.crt /etc/openvpn/client/
cp pki/issued/client.crt /etc/openvpn/client/
cp pki/private/client.key /etc/openvpn/client/

Step 9: Configuring OpenVPN Server

Make a new config file under /etc/openvpn/server with your favourite editor

sudo nano /etc/openvpn/server/server.conf

Then paste the below content into it.

port 1194
proto udp
dev tun
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/osradar-server.crt
key /etc/openvpn/server/osradar-server.key
dh /etc/openvpn/server/dh.pem
push "redirect-gateway def1"
push "dhcp-option DNS"
push "dhcp-option DNS"
cipher AES-256-CBC
tls-version-min 1.2
auth SHA512
keepalive 20 60
compress lz4
user nobody
group nobody
log-append /var/log/openvpn.log
verb 3

After that, save & exit the file.

Step 10: Start OpenVPN Services

Simply run the command below to start & enable the OpenVPN Services

sudo systemctl start openvpn-server@server
sudo systemctl enable openvpn-server@server

Make sure that the status is active by running

systemctl status openvpn-server@server

Upon successful setup, the OpenVPN server will create a new network interface. Check it by typing




Step 11: Generating Client Configuration File

It is necessary to generate the client configuration file in order to connect to the OpenVPN server from the client system.

sudo nano /etc/openvpn/client/client.ovpn

Then paste the below data into it.

dev tun
proto udp
remote vpn-server-ip 1194
ca ca.crt
cert client.crt
key client.key
cipher AES-256-CBC
auth SHA512
tls-version-min 1.2
resolv-retry infinite
compress lz4
verb 3

Save & exit the file
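The following script is an added example, not part of the original article: it audits an OpenVPN config for gaps that can be read off the server.conf and client.ovpn shown above (DNS pushes without an address, compression, no tls-crypt/tls-auth key, no remote-cert-tls on the client). The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit an OpenVPN config file.

# has FILE DIRECTIVE: succeeds if DIRECTIVE begins an active (uncommented) line.
has() { grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"; }

# audit_conf FILE ROLE: print one finding per line; ROLE is server or client.
audit_conf() {
    conf=$1; role=$2
    # A pushed DNS option needs a resolver address after the word DNS.
    awk '$1 == "push" && $2 == "\"dhcp-option" && $3 ~ /^DNS/ && NF < 4 {
             print "line " NR ": push dhcp-option DNS has no address" }' "$conf"
    # Compression before encryption can leak plaintext (the VORACLE attack).
    if has "$conf" compress || has "$conf" comp-lzo; then
        echo "compression is enabled"
    fi
    # tls-crypt/tls-auth add a pre-shared key that authenticates control-channel packets.
    if ! has "$conf" tls-crypt && ! has "$conf" tls-auth; then
        echo "no tls-crypt or tls-auth key"
    fi
    # Without remote-cert-tls, any certificate the CA signed passes as the server.
    if [ "$role" = client ] && ! has "$conf" remote-cert-tls; then
        echo "client lacks remote-cert-tls server"
    fi
}

# Constructed sample inputs: security-relevant lines copied from the two files.
workdir=$(mktemp -d)
cat > "$workdir/server.conf" <<'EOF'
port 1194
proto udp
push "redirect-gateway def1"
push "dhcp-option DNS"
push "dhcp-option DNS"
cipher AES-256-CBC
compress lz4
EOF
cat > "$workdir/client.ovpn" <<'EOF'
remote vpn-server-ip 1194
ca ca.crt
cipher AES-256-CBC
compress lz4
EOF

echo "== server.conf"; audit_conf "$workdir/server.conf" server
echo "== client.ovpn"; audit_conf "$workdir/client.ovpn" client
```

Point audit_conf at the real /etc/openvpn/server/server.conf and /etc/openvpn/client/client.ovpn to run the same checks on the installed files.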

Step 12: Configuring Routing

Allow the service through firewalld by typing

firewall-cmd --permanent --add-service=openvpn
firewall-cmd --permanent --zone=trusted --add-service=openvpn
firewall-cmd --permanent --zone=trusted --add-interface=tun0

And then add masquerading on the default zone.

firewall-cmd --add-masquerade
firewall-cmd --permanent --add-masquerade

After that, allow incoming requests from the VPN to the local system (VPN network to local network)

osradar=$(ip route get | awk 'NR==1 {print $(NF-2)}')
firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -s -o $osradar -j MASQUERADE

Reload the changes

firewall-cmd --reload
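The awk expression in the step above picks the interface by its position from the end of the line, which returns the source address instead when the `ip route get` output ends with a `uid` field. This added example (not from the original article) selects the word after `dev` and checks both values before printing the MASQUERADE rule; the sample route lines and the 10.8.0.0/24 subnet are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): choose the egress interface
# by name instead of by field position, then validate the values before use.

# positional_dev: the article's extraction, kept here for comparison.
positional_dev() { awk 'NR==1 {print $(NF-2)}'; }

# egress_dev: print the word that follows "dev" on the first input line.
egress_dev() {
    awk 'NR == 1 { for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# masq_rule SUBNET DEV: print the rule only if both values look sane.
masq_rule() {
    case $1 in
        */[0-9]*) ;;
        *) echo "refusing: source subnet '$1' is not CIDR" >&2; return 1 ;;
    esac
    case $2 in
        ''|*[!A-Za-z0-9_.-]*|*.*.*.*)
            echo "refusing: '$2' is not an interface name" >&2; return 1 ;;
    esac
    echo "firewall-cmd --permanent --direct --passthrough ipv4" \
         "-t nat -A POSTROUTING -s $1 -o $2 -j MASQUERADE"
}

# Constructed `ip route get` output lines (documentation addresses).
short='198.51.100.7 via 192.0.2.1 dev eth0 src 192.0.2.10'
with_uid='198.51.100.7 via 192.0.2.1 dev eth0 src 192.0.2.10 uid 0'
vpn_net='10.8.0.0/24'   # assumed VPN subnet; the article's value is not shown

for line in "$short" "$with_uid"; do
    pos=$(printf '%s\n' "$line" | positional_dev)
    dev=$(printf '%s\n' "$line" | egress_dev)
    echo "positional: $pos   by name: $dev"
    masq_rule "$vpn_net" "$pos" || true
done
```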

Step 13: Use OpenVPN from Clients

To use OpenVPN from the client machine, you have to install the OpenVPN package with the following commands

dnf install epel-release -y
dnf install openvpn -y

After that, download the OpenVPN client config files from the server to the client system.

Run the given command on client system

scp -r root@vpn-server-ip:/etc/openvpn/client  .

When it has finished, switch to the client directory and type

cd client
openvpn --config client.ovpn

When the connection is successful, OpenVPN will assign an IP address to your system. Type the command to verify it.

ifconfig tun0

So, this is how you can configure and install the OpenVPN server and client on CentOS 8.
